“SpaceXAI's Grok Build AI coding tool was discovered uploading users' entire codebases to Google Cloud storage, including files it was instructed not to access. The security flaw was reported by Cereblab and subsequently disabled by the company. This incident raises critical concerns about data privacy and security practices in AI development tools.”
Key Takeaways
- Grok Build was uploading complete codebases to Google Cloud without clear user consent
- The tool uploaded files it was explicitly told not to access or open
- SpaceXAI disabled the feature after Cereblab's security findings were published
SpaceXAI's Grok Build was uploading entire codebases without explicit user consent.
trending_upWhy It Matters
This incident highlights critical security vulnerabilities in AI-powered development tools that handle sensitive source code. For developers and enterprises, it underscores the importance of scrutinizing data handling practices in third-party AI tools before adoption. The discovery reinforces growing concerns about privacy and data governance in the AI tools ecosystem.
FAQ
How did Grok Build upload files it was told not to access?
The tool's packaging mechanism included files regardless of exclusion directives, uploading entire repositories without selective filtering capabilities.
Is my data safe if I used Grok Build?
Users should assume codebases may have been uploaded to Google Cloud and consider revoking credentials or reviewing access logs with Google.



